<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[6737] sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-two-factor: 2FA: First pass at new user edit UI.</title>
</head>
<body>
<div id="msg">
<dl class="meta" style="font-size: 105%">
<dt style="float: left; width: 6em; font-weight: bold">Revision</dt> <dd><a style="font-weight: bold" href="http://meta.trac.wordpress.org/changeset/6737">6737</a><script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","description":"Review this Commit","action":{"@type":"ViewAction","url":"http://meta.trac.wordpress.org/changeset/6737","name":"Review Commit"}}</script></dd>
<dt style="float: left; width: 6em; font-weight: bold">Author</dt> <dd>obenland</dd>
<dt style="float: left; width: 6em; font-weight: bold">Date</dt> <dd>2018-02-25 04:46:39 +0000 (Sun, 25 Feb 2018)</dd>
</dl>
<pre style='padding-left: 1em; margin: 2em 0; border-left: 2px solid #ccc; line-height: 1.25; font-size: 105%; font-family: sans-serif'>2FA: First pass at new user edit UI.
Needs more work around changing devices, backup codes, and (possibly) application passwords.
See <a href="http://meta.trac.wordpress.org/ticket/77">#77</a>.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#sitestrunkwordpressorgpublic_htmlwpcontentpluginswporgtwofactorwporgtwofactorphp">sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-two-factor/wporg-two-factor.php</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li>sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-two-factor/js/</li>
<li><a href="#sitestrunkwordpressorgpublic_htmlwpcontentpluginswporgtwofactorjsprofileeditjs">sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-two-factor/js/profile-edit.js</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="sitestrunkwordpressorgpublic_htmlwpcontentpluginswporgtwofactorjsprofileeditjs"></a>
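--- a/sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-two-factor/js/profile-edit.js
+++ b/sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-two-factor/js/profile-edit.js
@@ -0,0 +1,83 @@
+/* global ajaxurl:true */
+jQuery( function( $ ) {
+ $( '#two-factor-active' ).on( 'click', '[type="cancel"]', function( event ) {
+ event.preventDefault();
+
+ $.post(
+ ajaxurl,
+ {
+ action : 'two-factor-disable',
+ _ajax_nonce : $( '#_nonce_user_two_factor_totp_options' ).val(),
+ user_id : $( '#user_id' ).val(),
+ },
+ function( response ) {
+ if ( response.success ) {
+ $( '#two-factor-active' ).hide();
+ $( '#two-factor-start' ).show().find( 'div:first-of-type' ).prepend(
+ $( '<div class="bbp-template-notice info" />' ).text( response.data )
+ );
+ } else {
+ $( '#two-factor-active' ).find( 'div:first-of-type' ).prepend(
+ $( '<div class="bbp-template-notice error" />' ).text( response.data )
+ );
+ }
+ }
+ );
+ } );
+ $( '#two-factor-start-toggle' ).on( 'click', function() {
+ $( '#two-factor-start' ).hide();
+ $( '#two-factor-qr-code' ).show();
+ } );
+
+ $( '#two-factor-qr-code' ).on( 'click', '.button-link', function() {
+ $( '#two-factor-qr-code' )
+ .hide()
+ .find( '[type="tel"]').val( '' );
+ $( '#two-factor-key-code' ).show();
+ } );
+
+ $( '#two-factor-key-code' ).on( 'click', '.button-link', function() {
+ $( '#two-factor-key-code' )
+ .hide()
+ .find( '[type="tel"]').val( '' );
+ $( '#two-factor-qr-code' ).show();
+ } );
+
+ $( 'fieldset.two-factor' )
+ .not( '#two-factor-active' ).on( 'click', '[type="cancel"]', function( event ) {
+ event.preventDefault();
+
+ $( '.two-factor .bbp-template-notice' ).remove();
+
+ $( this ).parents( 'fieldset.two-factor' )
+ .hide()
+ .find( '[type="tel"]').val( '' );
+ $( '#two-factor-start' ).show();
+ } )
+ .on( 'click', '[type="submit"]', function( event ) {
+ event.preventDefault();
+
+ $( '.two-factor .bbp-template-notice' ).remove();
+
+ $.post(
+ ajaxurl,
+ {
+ action : 'two-factor-totp-verify-code',
+ _ajax_nonce : $('#_nonce_user_two_factor_totp_options').val(),
+ user_id : $('#user_id').val(),
+ key : $('[name="two-factor-totp-key"]').val(),
+ authcode : $('[name="two-factor-totp-authcode"]').val(),
+ },
+ function( response ) {
+ if ( response.success ) {
+ $( 'fieldset.two-factor' ).hide().find( '[type="tel"]').val( '' );
+ $( '#two-factor-active' ).show();
+ } else {
+ $( 'fieldset.two-factor:visible' ).find( 'div:first-of-type' ).prepend(
+ $( '<div class="bbp-template-notice error" />' ).text( response.data )
+ );
+ }
+ }
+ );
+ } );
+} );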
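Review bot: The submit handler's `key` and `authcode` lines look up `[name="two-factor-totp-key"]` and `[name="two-factor-totp-authcode"]` document-wide, but the PHP side renders both inputs once in `#two-factor-qr-code` and again in `#two-factor-key-code`, and jQuery's `.val()` returns the first match, so a code typed in the key-code fieldset is never posted (the QR-code fieldset's input, cleared on the switch, is read instead). Scoping the lookup to the fieldset that was submitted fixes it: `var $fieldset = $( this ).closest( 'fieldset.two-factor' );` then `key : $fieldset.find( '[name="two-factor-totp-key"]' ).val(),` and `authcode : $fieldset.find( '[name="two-factor-totp-authcode"]' ).val(),`. Both `$.post` calls also have no `.fail()` handler, so a rejected nonce (`check_ajax_referer` dies with a non-2xx status, which skips the success callback) or a network error leaves the user with no feedback; a `.fail()` that prepends the same `bbp-template-notice error` element would cover that. The disable handler additionally stacks notices on repeated failures, since unlike the enable handlers it never removes earlier `.bbp-template-notice` elements before prepending a new one.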
<a id="sitestrunkwordpressorgpublic_htmlwpcontentpluginswporgtwofactorwporgtwofactorphp"></a>
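--- a/sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-two-factor/wporg-two-factor.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-two-factor/wporg-two-factor.php
@@ -13,6 +13,17 @@
 class WPORG_Two_Factor {
 public function __construct() {
 add_filter( 'two_factor_providers', [ $this, 'two_factor_providers' ] );
+
+ remove_action( 'edit_user_profile', [ 'Two_Factor_Core', 'user_two_factor_options' ] );
+ remove_action( 'show_user_profile', [ 'Two_Factor_Core', 'user_two_factor_options' ] );
+
+ if ( ! is_admin() ) {
+ add_action( 'edit_user_profile', [ $this, 'user_two_factor_options' ] );
+ add_action( 'show_user_profile', [ $this, 'user_two_factor_options' ] );
+ }
+
+ add_action( 'wp_ajax_two-factor-totp-verify-code',[ $this, 'ajax_verify_code' ] );
+ add_action( 'wp_ajax_two-factor-disable',[ $this, 'ajax_disable' ] );
 }
 
 public function two_factor_providers( $providers ) {
@@ -30,5 +41,138 @@
 
 return $wporg_providers;
 }
+
+ /**
+ * Displays the UI to set up and remove 2FA.
+ *
+ * @param \WP_User $user User object.
+ */
+ public function user_two_factor_options( $user ) {
+ wp_enqueue_script( 'two-factor-edit', plugins_url( 'js/profile-edit.js' , __FILE__ ), [ 'jquery' ], 1, true );
+
+ $key = get_user_meta( $user->ID, Two_Factor_Totp::SECRET_META_KEY, true );
+ $is_active = !! $key;
+ ?>
+
+ <h2 class="entry-title"><?php esc_html_e( 'Two Factor Authentication', 'wporg' ); ?></h2>
+ <?php Two_Factor_Totp::admin_notices(); ?>
+ <fieldset id="two-factor-active" class="bbp-form two-factor" <?php if ( ! $is_active ) { echo 'style="display:none;"'; } ?>>
+ <legend><?php esc_html_e( 'Two Factor Authentication', 'wporg' ); ?></legend>
+ <div><?php echo wp_kses_post( __( '<strong>Status:</strong> Two Factor Authentication is currently <span>ACTIVE</span>.', 'wporg' ) ); ?></div>
+ <div><?php esc_html_e( 'While enabled, logging in to WordPress.org requires you to enter a unique passcode, generated by an app on your mobile device, in addition to your username and password.', 'wporg' ); ?></div>
+ <div><?php esc_html_e( 'Switching to a new device? Follow these steps to avoid losing access to your account.', 'wporg' ); ?></div>
+ <div><button type="cancel" class="button button-secondary alignright"><?php esc_html_e( 'Disable Two Factor Authentication', 'wporg' ); ?></button></div>
+ </fieldset>
+ <?php
+ if ( empty( $key ) ) {
+ $key = Two_Factor_Totp::generate_key();
+ }
+
+ wp_nonce_field( 'user_two_factor_totp_options', '_nonce_user_two_factor_totp_options' );
+ ?>
+ <fieldset id="two-factor-start" class="bbp-form two-factor" <?php if ( $is_active ) { echo 'style="display:none;"'; } ?>>
+ <legend><?php esc_html_e( 'Two Factor Authentication', 'wporg' ); ?></legend>
+ <div><?php esc_html_e( 'Two-Step Authentication adds an extra layer of security to your account. Once enabled, logging in to WordPress.org will require you to enter a unique passcode generated by an app on your mobile device, in addition to your username and password.', 'wporg' ); ?></div>
+ <div><button type="button" id="two-factor-start-toggle" class="button button-primary"><?php esc_html_e( 'Get Started', 'wporg' ); ?></button></div>
+ </fieldset>
+
+ <fieldset id="two-factor-qr-code" class="bbp-form two-factor" style="display: none;">
+ <legend><?php esc_html_e( 'Two Factor Authentication', 'wporg' ); ?></legend>
+ <div>
+ <p><?php esc_html_e( 'Scan this QR code with your mobile app.', 'wporg' ); ?></p>
+ <p><button type="button" class="button-link"><?php esc_html_e( 'Can’t scan the code?', 'wporg' ); ?></button></p>
+ <img src="<?php echo esc_url( Two_Factor_Totp::get_google_qr_code( 'wordpress.org:' . $user->user_login, $key, 'wordpress.org' ) ); ?>" id="two-factor-totp-qrcode" />
+ <p><?php esc_html_e( 'Then enter the authentication code provided by the app:', 'wporg' ); ?></p>
+ <p>
+ <label class="screen-reader-text" for="two-factor-totp-authcode"><?php esc_html_e( 'Authentication Code:', 'wporg' ); ?></label>
+ <input type="hidden" name="two-factor-totp-key" value="<?php echo esc_attr( $key ) ?>" />
+ <input type="tel" name="two-factor-totp-authcode" class="input" value="" size="20" pattern="[0-9]*" placeholder="<?php esc_attr_e( 'e.g. 123456', 'wporg' ); ?>" />
+ </p>
+ <button type="cancel" class="button button-secondary alignleft"><?php esc_html_e( 'Cancel', 'wporg' ); ?></button>
+ <button type="submit" class="button button-primary alignright"><?php esc_html_e( 'Enable', 'wporg' ); ?></button>
+ </div>
+ </fieldset>
+
+ <fieldset id="two-factor-key-code" class="bbp-form two-factor" style="display: none;">
+ <legend><?php esc_html_e( 'Two Factor Authentication', 'wporg' ); ?></legend>
+ <div>
+ <p><?php esc_html_e( 'Enter this time code into your mobile app.', 'wporg' ); ?></p>
+ <p><button type="button" class="button-link"><?php esc_html_e( 'Prefer to scan the code?', 'wporg' ); ?></button></p>
+ <p class="key"><strong><?php echo esc_html( $key ); ?></strong></p>
+ <p><?php esc_html_e( 'Then enter the authentication code provided by the app:', 'wporg' ); ?></p>
+ <p>
+ <label class="screen-reader-text" for="two-factor-totp-authcode"><?php esc_html_e( 'Authentication Code:', 'wporg' ); ?></label>
+ <input type="hidden" name="two-factor-totp-key" value="<?php echo esc_attr( $key ) ?>" />
+ <input type="tel" name="two-factor-totp-authcode" class="input" value="" size="20" pattern="[0-9]*" placeholder="<?php esc_attr_e( 'e.g. 123456', 'wporg' ); ?>" />
+ </p>
+ <button type="cancel" class="button button-secondary alignleft"><?php esc_html_e( 'Cancel', 'wporg' ); ?></button>
+ <button type="submit" class="button button-primary alignright"><?php esc_html_e( 'Enable', 'wporg' ); ?></button>
+ </div>
+ </fieldset>
+
+ <style>
+ #bbpress-forums fieldset.two-factor:not(#two-factor-start) > div {
+ margin-left: 20%;
+ width: 60% !important;
+ }
+ #bbpress-forums .two-factor button.button-link {
+ color: #4ca6cf;
+ padding: 0;
+ }
+ #bbpress-forums .two-factor .key {
+ padding: 2rem 0;
+ }
+ </style>
+
+ <?php
+ }
+
+ /**
+ * AJAX handler to verify a user's 2FA code.
+ */
+ public function ajax_verify_code() {
+ check_ajax_referer( 'user_two_factor_totp_options', '_nonce_user_two_factor_totp_options' );
+
+ $user_id = absint( $_POST['user_id'] );
+ if ( ! current_user_can( 'edit_user', $user_id ) ) {
+ wp_send_json_error( __( 'You do not have permission to edit this user.' ) );
+ }
+
+ if ( empty( $_POST['authcode'] ) ) {
+ wp_send_json_error( __( 'Please enter a valid authorization code.' ) );
+ }
+
+ if ( Two_Factor_Totp::is_valid_authcode( $_POST['key'], $_POST['authcode'] ) ) {
+ if ( ! update_user_meta( $user_id, Two_Factor_Totp::SECRET_META_KEY, $_POST['key'] ) ) {
+ wp_send_json_error( __( 'Unable to save Two Factor Authentication code. Please try again.', 'wporg' ) );
+ }
+
+ wp_send_json_success();
+ }
+
+ wp_send_json_error( __( 'The authentication code you entered was not valid. Please try again.', 'wporg' ) );
+ }
+
+ /**
+ * AJAX handler to disable 2FA.
+ */
+ public function ajax_disable() {
+ check_ajax_referer( 'user_two_factor_totp_options', '_nonce_user_two_factor_totp_options' );
+
+ $user_id = absint( $_POST['user_id'] );
+ if ( ! current_user_can( 'edit_user', $user_id ) ) {
+ wp_send_json_error( __( 'You do not have permission to edit this user.' ) );
+ };
+
+ if ( ! delete_user_meta( $user_id, Two_Factor_Totp::SECRET_META_KEY ) ) {
+ wp_send_json_error( __( 'Unable to remove Two Factor Authentication code. Please try again.', 'wporg' ) );
+ }
+
+ if ( ! update_user_meta( $user_id, Two_Factor_Core::ENABLED_PROVIDERS_USER_META_KEY, [] ) ) {
+ wp_send_json_error( __( 'Unable to remove Two Factor Authentication code. Please try again.', 'wporg' ) );
+ }
+
+ wp_send_json_success( __( 'Two Factor authentication disabled. Your account is now less secure.', 'wporg' ) );
+ }
 }
 new WPORG_Two_Factor();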
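Review bot: `ajax_verify_code` persists `$_POST['key']` as the user's TOTP secret, so the stored secret is whatever the client posted rather than the value the server generated in `user_two_factor_options`; `is_valid_authcode` only proves the poster knows a code for that secret, and the index is read without `isset` or `wp_unslash`. Keeping the pending key server-side (for example in user meta written when the key is generated) or at least checking that the posted key has the format `Two_Factor_Totp::generate_key()` produces before `update_user_meta` would close that gap, e.g. `$key = isset( $_POST['key'] ) ? wp_unslash( $_POST['key'] ) : '';` followed by a length and character-set check. In `ajax_disable`, `update_user_meta( $user_id, Two_Factor_Core::ENABLED_PROVIDERS_USER_META_KEY, [] )` returns false when the stored value already equals `[]`, so a retried disable reports a failure after the secret has already been deleted and the state is correct; reading the current value first (or treating an unchanged value as success) avoids that, and the `};` closing the permission check carries a stray semicolon. `<button type="cancel">` is not a valid button type and browsers treat it as submit, so without the script the Cancel and Disable buttons submit the enclosing profile form; `type="button"` with a class the script selects on would be safer, with the `[type="cancel"]` selectors in profile-edit.js changed to match.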
</div>
</body>
</html>